Tech Off Thread

Forum Read Only

I am using a 'transparent cache service' which is a
proxy forced on me by my ISP (so they can save
bandwidth). So if you check my IP by the normal
method you will get the cache server (thus multiple
users appear to come from the same IP). However if
you check the HTTP_X_FORWARDED_FOR var in the header
you will see my true IP and thus can limit things
such as polls to one IP.

There is no guarantee that the x-forwarded-for request header data will be present just like there is no guarantee that client-ip data will actually represent the originating client as opposed to the proxy making the request on the client's behalf. As
I've said, we do track IPs and IP data is not guaranteed to ensure that we know who you are. This is a hard problem that pretty much no web-based (client web browser-web server technology) has nailed.

Yes, the poll is super easy to eploit. The question is, why exploit it? This is a social problem as much as it is a technological problem. "Gee. Other forums do this. And other forums do that...".

This is Channel 9. We like to think that a community can be responsible for and by itself. If you must exploit simple web features to make yourself happy, well, go do it somewhere else.